onepassword.connect.generic_item (2.2.4) — module

Creates a customizable 1Password Item

Authors: 1Password (@1Password)

Install collection

Install with ansible-galaxy collection install onepassword.connect:==2.2.4


Add to requirements.yml

  collections:
    - name: onepassword.connect
      version: 2.2.4

Description

Create or update an Item in a Vault.

Fully customizable using the Fields option.

B(NOTE) Any item fields without C(label) are removed when updating an existing item.

Usage examples

- name: Create an Item with no fields
  onepassword.connect.generic_item:
    title: Example Item
    state: present
- name: Create an item and generate its value if the item does not exist.
  onepassword.connect.generic_item:
    title: Club Membership
    state: present
    fields:
      - label: Secret Code
        field_type: concealed
        generate_value: on_create
        generator_recipe:
          length: 16
          include_letters: true
          include_digits: true
          include_symbols: false
        section: Club Card Details
  register: op_item  # Access item values through `op_item['data']`
  no_log: true       # Hide the output - it will contain the secret value you just stored
- name: Update an item while preserving the generated Secret Code value
  onepassword.connect.generic_item:
    title: Club Membership
    state: present
    fields:
      - label: Secret Code
        field_type: concealed
        overwrite: false
        generate_value: never
        generator_recipe: # ignored because generate_value == never
          length: 16
          include_letters: true
          include_digits: true
          include_symbols: false
        section: Club Card Details
  no_log: true
- name: Change an Item's Name and leave the generated Secret Code value unchanged
  onepassword.connect.generic_item:
    title: Guild Membership Details
    uuid: 3igj89sdf9ssdf89g
    state: present
    fields:
      - label: Secret Code
        field_type: concealed
        overwrite: false
        generate_value: on_create
        generator_recipe: # ignored because the field already exists (generate_value == on_create)
          length: 16
          include_letters: true
          include_digits: true
          include_symbols: false
        section: Club Card Details
  no_log: true

- name: Delete an Item by its Item UUID
  onepassword.connect.generic_item:
    uuid: 3igj89sdf9ssdf89g
    state: absent
  no_log: true
- name: Delete an Item by its name
  onepassword.connect.generic_item:
    title: Club Membership
    state: absent
  no_log: true
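
Added example (not part of the collection's own documentation): a play that passes hostname, token and vault_id explicitly, creates a login item whose password is generated only on first creation, and reads the value back by label from the op_item.fields output described under Outputs. The environment variable names OP_CONNECT_HOST and OP_CONNECT_TOKEN, the item title, the URL and the username are assumptions made for this example.

```yaml
# Added example, not from the collection's documentation.
# Assumptions: OP_CONNECT_HOST and OP_CONNECT_TOKEN are environment variable
# names chosen for this play; item title, URL and username are constructed.
- name: Provision a database login in 1Password Connect
  hosts: localhost
  gather_facts: false
  vars:
    connect_host: "{{ lookup('env', 'OP_CONNECT_HOST') }}"
    connect_token: "{{ lookup('env', 'OP_CONNECT_TOKEN') }}"
    vault_id: "{{ lookup('env', 'OP_VAULT_ID') }}"
  tasks:
    - name: Create the login item once; later runs keep the generated password
      onepassword.connect.generic_item:
        hostname: "{{ connect_host }}"
        token: "{{ connect_token }}"
        vault_id: "{{ vault_id }}"
        title: Reporting DB Login
        category: login
        state: present
        urls:
          - https://db.example.internal
        fields:
          # Every field carries a label: unlabeled fields are removed on update.
          - label: username
            field_type: string
            value: reporting_svc
          - label: password
            field_type: concealed
            generate_value: on_create
            generator_recipe:
              length: 32
              include_symbols: false
      register: item_result
      no_log: true   # the result contains the generated password

    - name: Extract the password by field label without logging it
      ansible.builtin.set_fact:
        db_password: >-
          {{ item_result.op_item.fields | dict2items
             | selectattr('value.label', 'equalto', 'password')
             | map(attribute='value.value') | first }}
      no_log: true

    - name: Confirm the secret was retrieved without printing it
      ansible.builtin.assert:
        that:
          - db_password | length == 32
        quiet: true
      no_log: true
```

Selecting on the field's label rather than on the dictionary key keeps the lookup independent of how the keys of op_item.fields are formed.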

Inputs

    
name:
    aliases:
    - title
    description:
    - Name of the Item
    - If C(state) is C(present) and C(uuid) is defined, the given value will overwrite
      previous Item name
    - If C(state) is C(present) and C(uuid) is NOT defined, the module will try to find
      an item with the same name. If an item cannot be found, a new item with the given
      name is created and the old item is not deleted.
    type: str

tags:
    description:
    - Collection of tags applied to the 1Password Item.
    elements: str
    type: list

urls:
    description:
    - Store one or more URLs on an item
    - URLs are clickable in the 1Password UI
    elements: str
    type: list

uuid:
    description:
    - Unique ID for a single Item.
    - Ignored if C(state) is C(present) and the item doesn't exist.
    - If C(state) is C(present) and C(uuid) is NOT defined, the module will try to find
      an item using C(name). If an item cannot be found, a new item is created with the
      C(name) value and the old item is not changed.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - I(present) will try to find the item using its vault ID and provided C(name) or
      C(uuid). If the item with a matching name or UUID is not found, the item is created.
    - To change the C(name) of an item, a C(uuid) MUST be provided. See C(name) for additional
      details.
    - I(absent) will delete the item if it exists. No changes are made if the item is not
      found.
    type: str

token:
    description:
    - The token to authenticate 1Password Connect calls.
    - Ansible should never log or display this value.
    type: str

fields:
    description: List of fields associated with the Item
    elements: dict
    suboptions:
      field_type:
        aliases:
        - type
        choices:
        - string
        - email
        - concealed
        - url
        - otp
        - date
        - month_year
        default: string
        description:
        - Sets expected value type for the field.
        - 'If C(generic_item.category) is C(login) or C(password), the field with type
          C(concealed) and named C(password) becomes the item''s primary password.

          '
        type: str
      generate_value:
        choices:
        - always
        - on_create
        - never
        default: never
        description:
        - Generate a new value for the field using the C(generator_recipe).
        - Overrides C(value) if I(generate_value=on_create) and field does not exist or
          if I(generate_value=always).
        - I(generate_value=never) will use the data in C(value).
        - I(generate_value=always) will assign a new value to this field every time Ansible
          runs the module.
        - I(generate_value=on_create) will generate a new value and ignore C(value) if
          the field does not exist. If the field does exist, the module will use the previously
          generated value and ignore the C(value).
        - The module searches for field by using a case-insensitive match for the C(label)
          within the field's C(section).
        type: str
      generator_recipe:
        description:
        - Configures 1Password's Secure Password Generator
        - If C(generate_value) is 'never', these options have no effect.
        suboptions:
          include_digits:
            default: true
            description:
            - Toggle whether generated password includes digits (0-9)
            type: bool
          include_letters:
            default: true
            description:
            - Toggle whether generated password includes ASCII characters (a-zA-Z)
            type: bool
          include_symbols:
            default: true
            description:
            - Toggle whether generated password includes ASCII symbol characters
            type: bool
          length:
            default: 32
            description:
            - Defines number of characters in generated password
            type: int
        type: dict
      label:
        description: The name of the field
        required: true
        type: str
      section:
        description:
        - Places the field into a named group. If section does not exist, it is created.
        - If two or more fields belong to the same C(section), they are grouped together
          under that section.
        type: str
      value:
        description: Sets the value of the field.
        type: str
    type: list

category:
    choices:
    - login
    - password
    - server
    - database
    - api_credential
    - software_license
    - secure_note
    - wireless_router
    - bank_account
    - email_account
    - credit_card
    - membership
    - passport
    - outdoor_license
    - driver_license
    - identity
    - reward_program
    - social_security_number
    default: api_credential
    description:
    - 'Applies the selected category template to the item. Other 1Password clients use
      category templates to help organize fields when rendering an item.

      '
    - 'The category cannot be changed after creating an item. To change the category,
      recreate the item with the new category.

      '
    - 'If the category is C(login) or C(password) and the item has a field named C(password),
      that field will be the primary password when the item is displayed in 1Password
      clients.

      '
    - 'If the category is C(login) and the item has a field named C(username), that field
      becomes the primary username when the item is displayed in 1Password clients.

      '
    type: str

favorite:
    default: false
    description: Toggles the 'favorite' attribute for an Item
    type: bool

hostname:
    description:
    - URL of 1Password Connect.
    type: str

vault_id:
    description:
    - ID of the 1Password vault that will be accessed.
    - Uses environment variable C(OP_VAULT_ID) if not explicitly defined in the playbook.
    required: true
    type: str

Outputs

msg:
  description: Information returned when an error occurs.
  returned: failure
  sample: Invalid Vault ID
  type: str
op_item:
  contains:
    category:
      description: The Item template used when creating or modifying the item
      returned: success
      sample: LOGIN
      type: str
    created_at:
      description: Timestamp that reports when the Item was originally created
      returned: success
      sample: '2020-11-23T15:29:07.312397-08:00'
      type: str
    fields:
      description: Lists all defined fields for the Item. The key for each field is
        the field's label.
      returned: success
      sample:
        ExampleField:
          id: 123example
          label: Test
          type: STRING
          value: exampleValue
      type: dict
    id:
      description: Unique ID for the Item.
      returned: success
      sample: bactwEXAMPLEpxhpjxymh7yy
      type: str
    tags:
      description: All unique tag values associated with the item
      elements: str
      returned: success
      sample:
      - tag1
      - tag2
      type: list
    title:
      description: User-provided name for the Item. Displayed in 1Password clients.
      returned: success
      sample: My Test Item
      type: str
    updated_at:
      description: Timestamp that reports when the Item was last modified.
      returned: success
      sample: '2020-11-23T15:29:07.312397-08:00'
      type: str
    vault:
      description: Information about the Vault containing this Item.
      returned: success
      sample:
      - id: abc1234EXAMPLEvault5678
      type: dict
  description: 'Dictionary containing Item properties or an empty dictionary if I(state=absent).
    See 1Password Connect API for complete structure.

    '
  returned: always
  type: complex